Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 18:55

General

  • Target

    c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html

  • Size

    54KB

  • MD5

    c39e50db7bba6d5e7f8d1a591c30c453

  • SHA1

    481b2fa24dd41f41d9fc7fd63fe24611ab26ca7d

  • SHA256

    24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d

  • SHA512

    6ef22ed7a2cfb1acab5c1e9f9a5b6af3cabd714a7f13f170cff5234f0296a5404f40c215d6324bff19b39b1fac438d2d92146e63c21f3247c449e101641c74db

  • SSDEEP

    768:xACNXPIpB3Jgt+fl5FQijPXncxFfkRNbeKQq7lq2SfH:xAGIpB3Jgt+fl5FTjUJYF7lI

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    5b80b7db25ca8cf97e3e559efc6fe0ac

    SHA1

    17268e268bdf33f58e585c840e8f12b1edcc9793

    SHA256

    bce94058599bb5c98f74fcd22d224c93b576c73bc3c3ce3032af01b719d0240a

    SHA512

    8260c031ea0038e49bccec419669767a9da89b1455629bc92da897449eafd48b15dbb32a5e203d33bf3b18c7855ed50f3a213970f2bbb9a59b61ecfa568853ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    5cadb0bb51f90ba9e16d7e31d2c16bb9

    SHA1

    9d04eb2969b81cb0a8249a5a7c2494ff3e41750e

    SHA256

    6b7f9677f51fac218051dcbd3b0c5afc5da0decc7a52213293a45e8a103da2fb

    SHA512

    9848704c506f27bf6a1040d502d1f846fbf1f333a8ba67dea8ea20e829e242cca543b06d87f55eed21f4bff7a1b23491ab180350244bede9c6176cb1b04df8ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    d84f34ebb59321e2c5b3db6b31dc79d7

    SHA1

    f4c719bec4be28d5fe05e479def1ba73577b42f5

    SHA256

    c4c51705ac56579b3bc3eff2977105d13cb6a24d84612d323b4e6f20ada9f351

    SHA512

    f9bc51e49b9ae852db1ac738b81d0ef153947ec1154cabb30705e31f354e700d12f2ba66249171fa895f548f779aa8d270aa1c13f0c9cb2e6f9baafbf7ff7395

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d201d33491f92f7f92cb26a5dca362ac

    SHA1

    71c1a86a77e44462b85d98af17aa8026efbe9044

    SHA256

    dfa2c24145f0f49e22eff1f0aa50da0f9560c1aa67ff9689e492fbc3f85f14fa

    SHA512

    234f09deb6c9ffeb779a3265cceeb4bd4f234cafb1d9b824c623d9be9158fc6e31e812293f943a465c32cb14e55a4cd2a460531371f9eff0359d8b4cdf402868

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93fb6c0fd0ea77871087e0faa3c24d5b

    SHA1

    2d7ecd5bef7cdf545ea394459217977d85136d1a

    SHA256

    2eef0d1d11118cbe9bb50af93f583aa3a1d4ccc02282193234ddef9bfed388b9

    SHA512

    a119924f589a32b17cffbba8e29341bef25566208cb816efb5b4159fc101dd0ad6583adca24732d9051f6e3748482ac1ec4d5f42e603548a092a605f455e90a2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4c4dcc8080c8d6f4d461569683a5471

    SHA1

    b853ed5013ec7e8b200fcc1a0ceccf3258d115db

    SHA256

    15cf485f3456df3ed8f9edf7fa42dc1e3f161232e5b4befa7bc262b43f3f0936

    SHA512

    31041aba3873eff123607992ecd4fffff514c1aabd8a40341f39dc15d2e47837f620f07cec36c0be0f03416ae8038f3edb1c79d1c7604342fe1e5880fb161293

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    58e931143da3a176da76bd4db19e0ff5

    SHA1

    0aeb246dee30d0cde36d481edd854e0a0a46cff9

    SHA256

    e86bd08f39fe6babf520b7f27e03d9823f47260de19777e88859089c0cc44f17

    SHA512

    1c387ad546993b9b65acbb58c6850fcd99b6b39676a9770d99e64e67b1b10dcbd5c435c4d31167471fc8d6f703624d9af40e8def831c78fd454bc0d853d2c3c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc3dc4b434e71cb9059a54a238cfe683

    SHA1

    077c9b51563e0e345754b09cebe66a4d3b9812be

    SHA256

    9d14dc41b939c66f86f623ac7380d833e0b0caa14da459308fad77ac3113737c

    SHA512

    21eb0cee3960a5dcb667a27c6eafc741a623f145295abfdf9a66af80ee1d2ba28c3136b87fa85e358ced3e22e5219e4ad836c20d6d18244d1ea3694bdcb74559

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    22dbb7d75f6f685a0fc5e24d6003d637

    SHA1

    4c95715ca3bbda4c7ab1f1e7faa4a3bc85113536

    SHA256

    7ed462ab8a87730f83b160c31a26d2131c464608bd16f015f46d57a9560b6991

    SHA512

    e986b7e8cea6175fd08fe1523408983f24e78f00ad55da568ddc7b6897a627f26e1c62f838fb5c8836cf244d2bf08e426583b085858feddf227c442b72ae0b16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a499fd07a6abf9cce56ebd569f86d90

    SHA1

    d174d1bb2fef0c1008acf94794331e5dd828d553

    SHA256

    1f1e716f16fc48e97489d931ad9f0bbe4241aa8cf03635142b2ea7ecef3e5998

    SHA512

    609697afe77c07f00f03f86fa2c5b8884077e9b354d25f8d06b97d7967244a848612b331a6d443ce0b751c7f3ae99a60147038b7c251c04e21c044840fd2dfca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c2550fc0c6f64a5bb9503c2e137a565b

    SHA1

    b91f7d3c5cd0e0aa2c06a9752b16f69147ef11cc

    SHA256

    5175e5c7c4f60bd26b218266dca5cb8f68a430ca10b958faf753e7cd340ab9bb

    SHA512

    49a4104e22f4b2ca1ed21065078db5307d1725832fe1e7ad15380f05041f53ed96a383b0e72b57cd3560f59d0c5253a29cc5566c076d3d9c39904c22868d2222

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7517cf765aabbc7bb62e2ee41ee5f0fd

    SHA1

    2a22fc9522207ffb01e839506fa5170fa114d65b

    SHA256

    a9ff78c513aa42dc6704efdc903af19460848d9c7b395c2856c468595723dcde

    SHA512

    64d27d36945c85370748d1528fb2ad17848ecef131a59ff7caeda810edf47900c1a66b4db844406b4f016981eaf736d09c28aefb30554446ebfc6e03b66d2ae8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d3d3cbab57453ae43767e64c94ccab07

    SHA1

    35d21f99f559a434a756e60de9756be92c9e9afa

    SHA256

    d7dd7d1fe793eafa9d370e70cb1ad178909d7863ae32e4686594722603326b3a

    SHA512

    0c17d5ccab5d5f3f0816e3ee363d3ac324ec9c6ce4788b3c16ea51cd8b6b854fef4707ba3b4175106f0cdb20547a4a11f1ce56b22a2d557d3ffdd49ab4ff09bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f3b08a69b78b3f5aec2faac21ffd70f3

    SHA1

    5b2c94308b0f8c8816bbf9d3057f46e3d4020ff1

    SHA256

    9c62e004973b053f06c9024dbee54580a95b66b8a11d27cea061f1cd2be999ff

    SHA512

    47c4768a2aea8ed975cd9359c0af6479879a3c0aead75c9ec995c0eea0b09ef3c1b81bbdeb70a28b714232b8da16598b7bafe1ee0152ba8500b6c51161eb1a8f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa5a24647b5216d09daea4b5053916e8

    SHA1

    fc436fa53313817652cb6a4f193a854a359ce2e5

    SHA256

    346b38e2d353713443e3ac9cb73f63738c147e1a60c8145d16a05b6116a20298

    SHA512

    294e32cd1e078efd7aa4e85ab7068f2ad80b7857869293d58f174c15f1a25d15684f227fdb493b3ff95eed468eaae5f9dd7d4a557dcd84851e8dffd3a1f52d4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c79a2c263c8dd96d98771c4f91f1c85e

    SHA1

    58fc40ab136dfa66321a9d47ffd7e01c6bdf30df

    SHA256

    6d9c8ab5186ddd6077ea390b77d95b072dfd170b2a5e6c4923e0928fe5d45321

    SHA512

    dad5859bcfad002c3b5c731682e817521c52184a9b75d88eb17ca8717cfe25b75a0fc8a9288255131d6900a24ef1b1565a3353c6d8a60ea5f9ee4af8fcb4dd32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b5f29ac253e953f81d89e528e41ed539

    SHA1

    fa225b65817c2ddba2d3b46bf6df6c9c5b2cfa60

    SHA256

    a74c6eedb2ab5bf270b81176d9975e5a806a20656a274f8c20b87b643f157b21

    SHA512

    25ea77e7b57adb466688052574c6660489c2264e337926be0339df82ea6d9a0d135d74b62d32bfd7a0154eb518dc52553a9e9c9fdfdab3334ce012d4945c4cd1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    2a2d601197de539d592db2a2b9bfc5d0

    SHA1

    b62d7dcf330354ae05bd82bf8281118db3e718bf

    SHA256

    80b6b1c43b23b3bf454faa9dab3209a00280cac7baf5b571b351941c886b2863

    SHA512

    1457c4f33796247eebdf9f5a54aba580824b1f63830529fc1c29fbb984d31bfb6847de732c71d7be3bdac7fe5f9078959fc3b9d4f56aa5993f29870a2f54e6b8

  • C:\Users\Admin\AppData\Local\Temp\Cab898C.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar8C3E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b